fix(admin): modal bugs; chore(api): update ReDoc SRI; docs(openapi): add annotations + spec

public/api/admin/acl/getGrants.php

@@ -1,5 +1,28 @@
 <?php
 // public/api/admin/acl/getGrants.php
+
+/**
+ * @OA\Get(
+ *   path="/api/admin/acl/getGrants.php",
+ *   summary="Get ACL grants for a user",
+ *   tags={"Admin","ACL"},
+ *   security={{"cookieAuth":{}}},
+ *   @OA\Parameter(name="user", in="query", required=true, @OA\Schema(type="string")),
+ *   @OA\Response(
+ *     response=200,
+ *     description="Map of folder → grant flags",
+ *     @OA\JsonContent(
+ *       type="object",
+ *       required={"grants"},
+ *       @OA\Property(property="grants", ref="#/components/schemas/GrantsMap")
+ *     )
+ *   ),
+ *   @OA\Response(response=400, description="Invalid user"),
+ *   @OA\Response(response=401, description="Unauthorized")
+ * )
+ */
+
+
 declare(strict_types=1);
 
 require_once __DIR__ . '/../../../../config/config.php';

public/api/admin/acl/saveGrants.php

@@ -1,5 +1,27 @@
 <?php
 // public/api/admin/acl/saveGrants.php
+
+/**
+ * @OA\Post(
+ *   path="/api/admin/acl/saveGrants.php",
+ *   summary="Save ACL grants (single-user or batch)",
+ *   tags={"Admin","ACL"},
+ *   security={{"cookieAuth":{}}},
+ *   @OA\RequestBody(
+ *     required=true,
+ *     description="Either {user,grants} or {changes:[{user,grants}]}",
+ *     @OA\JsonContent(oneOf={
+ *       @OA\Schema(ref="#/components/schemas/SaveGrantsSingle"),
+ *       @OA\Schema(ref="#/components/schemas/SaveGrantsBatch")
+ *     })
+ *   ),
+ *   @OA\Response(response=200, description="Saved"),
+ *   @OA\Response(response=400, description="Invalid payload"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Invalid CSRF")
+ * )
+ */
+
 declare(strict_types=1);
 
 require_once __DIR__ . '/../../../../config/config.php';

public/api/admin/getConfig.php

@@ -1,6 +1,30 @@
 <?php
 // public/api/admin/getConfig.php
 
+/**
+ * @OA\Get(
+ *   path="/api/admin/getConfig.php",
+ *   tags={"Admin"},
+ *   summary="Get UI configuration",
+ *   description="Returns a public subset for everyone; authenticated admins receive additional loginOptions fields.",
+ *   operationId="getAdminConfig",
+ *   @OA\Response(
+ *     response=200,
+ *     description="Configuration loaded",
+ *     @OA\JsonContent(
+ *       oneOf={
+ *         @OA\Schema(ref="#/components/schemas/AdminGetConfigPublic"),
+ *         @OA\Schema(ref="#/components/schemas/AdminGetConfigAdmin")
+ *       }
+ *     )
+ *   ),
+ *   @OA\Response(response=500, description="Server error")
+ * )
+ *
+ * Retrieves the admin configuration settings and outputs JSON.
+ * @return void
+ */
+
 require_once __DIR__ . '/../../../config/config.php';
 require_once PROJECT_ROOT . '/src/controllers/AdminController.php';
 

public/api/admin/readMetadata.php

@@ -1,6 +1,35 @@
 <?php
 // public/api/admin/readMetadata.php
 
+/**
+ * @OA\Get(
+ *   path="/api/admin/readMetadata.php",
+ *   summary="Read share metadata JSON",
+ *   description="Admin-only: returns the cleaned metadata for file or folder share links.",
+ *   tags={"Admin"},
+ *   operationId="readMetadata",
+ *   security={{"cookieAuth":{}}},
+ *   @OA\Parameter(
+ *     name="file",
+ *     in="query",
+ *     required=true,
+ *     description="Which metadata file to read",
+ *     @OA\Schema(type="string", enum={"share_links.json","share_folder_links.json"})
+ *   ),
+ *   @OA\Response(
+ *     response=200,
+ *     description="OK",
+ *     @OA\JsonContent(oneOf={
+ *       @OA\Schema(ref="#/components/schemas/ShareLinksMap"),
+ *       @OA\Schema(ref="#/components/schemas/ShareFolderLinksMap")
+ *     })
+ *   ),
+ *   @OA\Response(response=400, description="Missing or invalid file param"),
+ *   @OA\Response(response=403, description="Forbidden (admin only)"),
+ *   @OA\Response(response=500, description="Corrupted JSON")
+ * )
+ */
+
 require_once __DIR__ . '/../../../config/config.php';
 
 // Only admins may read these

public/api/admin/updateConfig.php

@@ -1,6 +1,45 @@
 <?php
 // public/api/admin/updateConfig.php
 
+/**
+ * @OA\Put(
+ *   path="/api/admin/updateConfig.php",
+ *   summary="Update admin configuration",
+ *   description="Merges the provided settings into the on-disk configuration and persists them. Requires an authenticated admin session and a valid CSRF token. When OIDC is enabled (disableOIDCLogin=false), `providerUrl`, `redirectUri`, and `clientId` are required and must be HTTPS (HTTP allowed only for localhost).",
+ *   operationId="updateAdminConfig",
+ *   tags={"Admin"},
+ *   security={ {{"cookieAuth": {}, "CsrfHeader": {}}} },
+ *
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(ref="#/components/schemas/AdminUpdateConfigRequest")
+ *   ),
+ *
+ *   @OA\Response(
+ *     response=200,
+ *     description="Configuration updated",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleSuccess")
+ *   ),
+ *   @OA\Response(
+ *     response=400,
+ *     description="Validation error (e.g., bad authHeaderName, missing OIDC fields when enabled, or negative upload limit)",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleError")
+ *   ),
+ *   @OA\Response(
+ *     response=403,
+ *     description="Unauthorized access or invalid CSRF token",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleError")
+ *     // or: ref to the reusable response
+ *     // ref="#/components/responses/Forbidden"
+ *   ),
+ *   @OA\Response(
+ *     response=500,
+ *     description="Server error while loading or saving configuration",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleError")
+ *   )
+ * )
+ */
+
 require_once __DIR__ . '/../../../config/config.php';
 require_once PROJECT_ROOT . '/src/controllers/AdminController.php';